漏洞描述
WordPress 插件 jqueryFileTree 存在目录遍历漏洞,此漏洞是由于应用程序queryFileTree.php没有对用户输入进行充分校验导致的。
WordPress 插件 jqueryFileTree queryFileTree.php 目录遍历漏洞
PoC代码
暂无相关漏洞推荐
- WordPress Yoco Payments plugin /wp-json/yoco/logs 目录遍历漏洞(CVE-2025-13801)
- POC CVE-2012-10018: WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload
- POC CVE-2024-29138: WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
- POC wordpress-elementor-fpd: WordPress Elementor Page Builder - Full Path Disclosure
- POC wordpress-menu-image-fpd: WordPress Menu Image - Full Path Disclosure
- POC wp-jetpack-ssrf: Wordpress Jetpack plugin - Server Side Request Forgery
- POC CVE-2015-8350: WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS
- POC CVE-2017-18580: WordPress Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution
- POC CVE-2020-12832: WordPress Simple File List - Path Traversal
- POC CVE-2021-24657: Limit Login Attempts WordPress - Stored Cross-site Scripting
- POC CVE-2021-24681: Duplicate Page WordPress - Stored Cross-Site Scripting
- POC CVE-2021-25082: WordPress Popup Builder < 4.0.7 - Remote Code Execution
- POC CVE-2022-0765: WordPress Loco Translate < 2.6.1 - Cross-Site Scripting